Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document check-config.h and *adjust*.h as internal headers #9061

Open
wants to merge 2 commits into
base: development
Choose a base branch
from
Open

Document check-config.h and *adjust*.h as internal headers #9061

wants to merge 2 commits into from

Conversation

gilles-peskine-arm
Copy link
Contributor

@gilles-peskine-arm gilles-peskine-arm commented Apr 26, 2024
edited

It's technically possible to #include those headers, so users are doing it, and then complaining about the consequences. Resolve #9147.

PR checklist

Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature")

@gilles-peskine-arm
Document check-config.h and *adjust*.h as internal headers
4af3fd3 
Including *adjust*.h directly is likely to cause them to be applied at the
wrong time, resulting in an invalid or unintended configuration.

Including check_config.h at the wrong time is likely to cause spurious
errors.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm
Belated changelog entry for not including check_config.h
7f19db5 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm gilles-peskine-arm added enhancement needs-review Every commit must be reviewed by at least two team members, needs-reviewer This PR needs someone to pick it up for review priority-high High priority - will be reviewed soon size-xs Estimated task size: extra small (a few hours at most) labels Apr 26, 2024
@gilles-peskine-arm gilles-peskine-arm added this to To Do in Roadmap Board for Mbed TLS via automation Apr 26, 2024
@minosgalanakis minosgalanakis self-requested a review May 9, 2024 14:44
minosgalanakis
minosgalanakis approved these changes May 9, 2024
View reviewed changes
Copy link
Contributor

@minosgalanakis minosgalanakis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

mpg
mpg approved these changes May 10, 2024
View reviewed changes
Copy link
Contributor

@mpg mpg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Roadmap Board for Mbed TLS automation moved this from To Do to Has Approval May 10, 2024
@gilles-peskine-arm gilles-peskine-arm added approved Design and code approved - may be waiting for CI or backports needs-backports Backports are missing or are pending review and approval. and removed needs-review Every commit must be reviewed by at least two team members, needs-reviewer This PR needs someone to pick it up for review labels May 16, 2024
This was referenced May 16, 2024
Open
Merged
gilles-peskine-arm
gilles-peskine-arm commented May 21, 2024
View reviewed changes
include/mbedtls/config_adjust_legacy_crypto.h
@@ -2,6 +2,8 @@
* \file mbedtls/config_adjust_legacy_crypto.h
* \brief Adjust legacy configuration configuration
*
* This is an internal header. Do not include it directly.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: #9057 adds a new adjust file. If it gets merged first, we need to ensure that it follows the template that we're changing here.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mentioned PR has been merged and it looks like the internal header warning will cleanly apply on top of it.

@gilles-peskine-arm gilles-peskine-arm added needs-work and removed approved Design and code approved - may be waiting for CI or backports labels May 23, 2024
@gilles-peskine-arm
Copy link
Contributor Author

gilles-peskine-arm commented May 23, 2024
edited

Although 7f19db5 has been approved, there is more work to do:

Since the discussion around the enforcement is more sensitive in 3.6 LTS, I intend to wait until #9146 is approved, then do the rebase and forward-port to development here.

minosgalanakis
minosgalanakis reviewed May 23, 2024
View reviewed changes
include/mbedtls/config_adjust_legacy_crypto.h
@@ -2,6 +2,8 @@
* \file mbedtls/config_adjust_legacy_crypto.h
* \brief Adjust legacy configuration configuration
*
* This is an internal header. Do not include it directly.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mentioned PR has been merged and it looks like the internal header warning will cleanly apply on top of it.

ChangeLog.d/check-config.txt
@@ -0,0 +1,6 @@
Changes
* Explicitly state that mbedtls/check_config.h must not be included manually.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't we change the cording in accordance to this PR from the backports?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll forward-port once the 3.6 PR has been approved.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@minosgalanakis minosgalanakis minosgalanakis approved these changes

@mpg mpg mpg approved these changes

Assignees
No one assigned
Labels
enhancement needs-backports Backports are missing or are pending review and approval. needs-work priority-high High priority - will be reviewed soon size-xs Estimated task size: extra small (a few hours at most)
Projects
Roadmap Board for Mbed TLS
Has Approval
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Guidance to remove check_config.h inclusion from mbedtls_config.h
3 participants
@gilles-peskine-arm @mpg @minosgalanakis